author Jeremy Evans <code@jeremyevans.net> 2019-07-05 14:45:19 -0700
committer Jeremy Evans <code@jeremyevans.net> 2019-10-08 07:30:55 -0700
commit 7909f06212ae8df6ba7203f8152292a190b2b33a
tree 339f267dae1220e0c60b74bfb560371a88869833 /lib/uri
parent 8feb8c9bb7e9036ee2014b0f532677635a16893e
Check for invalid hex escapes in URI#query=
Fixes [Bug #11275]
Notes: Merged: https://github.com/ruby/ruby/pull/2535
Diffstat (limited to 'lib/uri')
-rw-r--r-- lib/uri/generic.rb 1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
index ea79e7950a..c672d15eb2 100644
--- a/lib/uri/generic.rb
+++ b/lib/uri/generic.rb
@@ -836,6 +836,7 @@ module URI
v.encode!(Encoding::UTF_8) rescue nil
v.delete!("\t\r\n")
v.force_encoding(Encoding::ASCII_8BIT)
+ raise InvalidURIError, "invalid percent escape: #{$1}" if /(%\H\H)/n.match(v)
v.gsub!(/(?!%\h\h|[!$-&(-;=?-_a-~])./n.freeze){'%%%02X' % $&.ord}
v.force_encoding(Encoding::US_ASCII)
@query = v
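Review bot: The pattern on the added `raise InvalidURIError` line, `/(%\H\H)/n`, only matches a `%` followed by two non-hex characters, so inputs such as `%1z`, `%z1`, or a `%` at the very end of the string are not rejected. The `gsub!` on the next line does not escape them either, because `%` falls inside the `$-&` range of its allowed character class, so those malformed escapes are still stored in `@query` unchanged. If the intent is to reject every invalid percent escape, a negative lookahead such as `/%(?!\h\h)/n` would cover the mixed and truncated cases; the error message would then need a different capture, since `$1` is only set by the current group.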